Brussels (Brussels Morning) The first of a set of acts pertaining to the EU’s new data strategy was released by the Commission today. Since much of the proposal had been leaked a few weeks ago, today’s publication did not come as much of a surprise to those involved.
The aim is to enable the re-use of publicly-held data, both personal and commercial, for purposes other than those for which it was initially collected.
The use of personal data is subject to privacy rules and data protection guaranteeing individual integrity, whereas business data is safeguarded from common use if it contains trade secrets that cannot be disclosed. Some data can be ruled out from re-use if that is forbidden by sector-specific rules.
The underlying premise is that data the public sector collects in the course of its work (e.g. in healthcare) can be re-used when anonymised or used as meta-data when extracted from a large number of users (clients or patients).
The information could come from different sources: mapping data, traffic monitoring or data from agriculture, for example, can also be shared.
The re-use of data should be limited to what is necessary in order to preserve the rights and interests of others. Nor should it compromise the public sector’s IT systems. Moreover, public sector bodies allowing re-use should have the technical means to ensure safe transmission of data.
“Now there is legal clarity for data sharing,” Competition Commissioner Margrethe Vestager declared in Brussels today. “There is a benefit for the single market with access to data from different EU countries under similar conditions.
So far, it has been the lack of common tools and not the willingness to share that limits data sharing,” she clarified.
Anonymised personal data in circulation
The new EU rules will need to be further defined before being adopted. As is, they require that data must be anonymised so that the so-called data subjects (persons) cannot be identified, and that data containing confidential commercial information must be modified to ensure that no trade secrets are disclosed. However, data could still be tapped at source as data analysis under public supervision.
Transmission may not be allowed in all instances, but that does not necessarily prevent the use of the information. The re-user (e.g. a research body or a company) would then sign a confidentiality agreement provided the persons concerned agree to the use of their information, an arrangement the public body gathering the information is under an obligation to promote.
Standard consent forms are encouraged as a way of making information available for the common good, or “data altruism” as it is called. The act, which has yet to be finalised, aims at strengthening European bodies so that they share data and use the results within a European data space.
“The most important thing is we will have data flowing,” Internal Market Commissioner Thierry Breton said in Brussels on Wednesday. “We should decide on the rules on our own continent.”
The whole process is to be facilitated by independent intermediaries set up to share data in a neutral manner. Under a European model of collaborative sharing, data will not be monetised (only administrative fees will be charged). Data for shared use could also be collected for a group of individuals, e.g. patients who follow up on their own condition and relay that data through an intermediary for use in research.
“Data can be made available for re-use while maintaining privacy,” Commissioner Vestager said. “We will be boosting voluntary data sharing, but this will only work if intermediaries are fully trusted.”
Data flowing under protection
Service providers should still not be able to share information for other purposes than those agreed to by legal or physical entities. The data intermediaries also serve individuals who can manage their consent to data processing and access their own data or correct their data in their own interest.
“The data intermediaries at least serve a purpose for the individual; if you, for example, need access to your own digital data, the operator can get it by acquiring permission from different sources,” says Teemu Ropponen, a Finnish member of the MyData Global community that works on the ethical use of personal data.
“This is on our part all about getting the data to flow. We work on data sovereignty and at least this proposal should favour smaller actors on the market. With a big number of small operators that work together we challenge those huge tech giants.”
The MyData network promotes a human-centric approach to personal data that combines industry needs for data with strong digital human rights. “The data should flow but it should be protected. We are so to speak in favour of good data sharing,” Ropponen adds.
The Data Governance Act is the EU’s response to ensuring effective data flow and encouraging European actors on the market. Similarly, the UK is adopting its own data strategy, something that could jeopardise the trade deal with the EU.
Other acts that are part of the EU’s data strategy include one on digital services, regulating the online platform economy, which is due next week, and one on the use of data and data-sharing, due in January. The draft Digital Services Act is the Commission’s way of tackling the American tech giants that so far have been under investigation for abusing their dominance on the markets and for breaching anti-trust rules.
What follows next is the process of debating data governance in the European Parliament and adapting the text until its adoption as a legally binding regulation.